Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-01-21 21:41:21 +01:00
Code Issues Projects Releases Wiki Activity
05f5d79938
bitwarden-server/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTest.cs
cd-bitwarden ec8476912d
[SM-381] New secrets access (#2629) 
* [SM-66] Create Secret Database Table (#2144)

Objective
The purpose of this PR is to create a database table, entity, and repository for the new Secret database table.

The new Secret table will use entity framework for all database providers.

* [SM-67] Get all secrets by org ID (#2163)

Add a controller to fetch secrets associated with an organization ID.

To note, the [SecretsManager] attribute makes this controller only available for local development.

* [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201)

The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project.

* Move interfaces to core (#2211)

* [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206)

* Read UTC DateTimes from db and order by revision

* Move orderby to repo layer

* [SM-185] Add EE_Testing_env to server (#2222)

* Sm 104 project Database (#2192)

* Project DB addition and sprocs

* Adding spaces to the end of each file, fixing minor issues

* removing useless comments

* Adding soft delete proc to migration

* Project EF Scaffold

* Additional changes to use EF instead of procedures

* Adding dependency injection

* Fixing lint errors

* Bug fixes

* Adding migration scripts, removing sproc files, and setting up Entity framework code

* Adding back accidentally deleted sproc

* Removing files that shouldn't have been created

* Lint

* Small changes based on Oscar's rec (#2215)

* Migrations for making CreateDate not null

* adding space to end of file

* Making Revision date not null

* dotnet format

* Adding nonclustered indexes to SQL

* SM-104: Update PR with changes Thomas proposed

Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>

* Removing org ID from create request body (#2243)

* SM-114: Add create & update project endpoints (#2251)

* SM-114: Initial commit with create project endpoint (for SM)

* SM-114: Add Update Project route (for SM)

* SM-114: Fix file encodings

* Fix DI issue for SM Project Create/Update commands

* Fix import ordering for linter

* SM-114: Remove unneeded lines setting DeletedDate, as it should already be null

* SM-114: Only have OrgId in route for CreateProject

* Remove unneeded using

* SM-114: Initial commit with create project endpoint (for SM)

* SM-114: Add Update Project route (for SM)

* SM-114: Fix file encodings

* Fix DI issue for SM Project Create/Update commands

* Fix import ordering for linter

* SM-114: Remove unneeded lines setting DeletedDate, as it should already be null

* SM-114: Only have OrgId in route for CreateProject

* Remove unneeded using

* Fully remove OrgId from ProjectCreateRequestModel

* [SM-64] Soft Delete Secrets (#2253)

* Bulk delete secrets with command unit tests

* Controller unit tests

* Optimize conditionals

* SM-64 bulk delete integration test

* fix test

* SM-64 code review updated

* [SM-65] Fix return empty secrets list (#2281)

* Secrets return empty list

* [SM-246] Use repository in integration test (#2285)

* [SM-190] Add integration tests to Secrets (#2292)

* Adding integration tests for the SecretsController

Co-authored-by: Hinton <hinton@users.noreply.github.com>

* Sm 95 - Adding GetProjects endpoint (#2295)

* SM-114: Initial commit with create project endpoint (for SM)

* SM-114: Add Update Project route (for SM)

* SM-114: Fix file encodings

* Fix DI issue for SM Project Create/Update commands

* Adding GetProjectsByOrg

* fixing merge conflicts

* fix

* Updating to return empty list

* removing null check

Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>

* [SM-191] Create ServiceAccount Table (#2301)

* SM-191 Create ServiceAccount Table

* [SM-207] API for listing service accounts by organization (#2307)

* SM-207 list service accounts by org

* SM-96: Add ability to get project by id (#2314)

* SM-96: Small change to allow getting project by id

* Fix whitespace issue

* Add first integration test and fix date bug

* Ensure tests are consistent

* Add more project controller integration tests

* Remove commented delete for now

* [SM-187] Create ServiceAccounts (#2323)

* SM-187 Create & Update ServiceAccounts

* Remove extra new line src/Api/Controllers/ServiceAccountsController.cs

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* [SM-218] [SM-219] SM Auth flow (#2297)

* SM-282 Delete Projects (#2335)

* SM-282 delete & bulk delete projects

* Have delete commands return tuple with object

* Fix admin project not working after secrets manager changes (#2339)

* [SM-150] proj and secrets mapping (#2286)

* Beggining of changes for Project Secrets mapping

* Beggining of changes for project and secrets mapping

* Inital changes to add Mapping table for Project Secrets

* Resolve migration not working properly

* Indent sql

* Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository.

* Changes made with Oscar

* Add reversemap

* running lint and removing comments

* Lint fixes

* fixing merge issues

* Trying to fix the DB issue

* DB fixes

* fixes

* removing unused space

* fixing lint issue

* final lint fix I hope

* removing manually added sql.sqlproj

* Lint changes and fixing the sql proj issues

* adding ServiceAccount to sql proj

* Removing ON DELETE CASCADE

* remove On delete cascade

* changes for deleting project and secret inside of the Organization_DeleteById procedure.

* changes for deleting project and secret inside of the Organization_DeleteById procedure.

* migration changes

* Updating constraints

* removing void

* remove spaces

* updating cipherRepo tests to be task instead of void

* fixing

* fixing

* test

* fix

* fix

* changes to remove circular dependency

* fixes

* sending guid and string name of the project over

* Update src/Sql/dbo/Tables/Secret.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* Update src/Sql/dbo/Tables/Project.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* removing unused code

* Potential refactor (#2340)

* migrations

* Postgres migraiton

* Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* rename file

* Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* Lint fixes

* removing extra semi colon

* removing circular references with projects and secrets

* adding back projects

* Add ProjectFixture

* Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Hinton <hinton@users.noreply.github.com>

* [SM-300] Access token endpoint (#2377)

* [SM-324] Add Organization to JWT claim (#2379)

* [SM-259] Add create access token endpoint for service accounts (#2411)

* Add create access token for service accounts

* [SM-259] Fix create access token scope initialization (#2418)

* Fix namespace for ServiceAccount command tests

* Remove "this" from SecretsManager requests

* Fix have scope be assigned a JSON list

* SM-99: Individual Project / Secrets Tab (#2399)

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* [SM-361] Add Support for never expiring ApiKeys (#2450)

* Update database to support never expiring ApiKey

* Update Api to support never expiring ApiKeys

* Fix unit test variable naming

* Remove required from model

* Fix spacing

* Add EF migrations

* Run dotnet format

* Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* [SM-359] Fix project secrets migration (#2443)

* [SM-299] Add UseSecretsManager flag (#2413)

* [SM-193] Access Policy (#2359)

* [SM-371] Fix and re-enable parallel integration tests (#2460)

* Fix and re-enable parallel integration tests

* Fix package lock files

* Move fix to ApiApplicationFactory

* Run dotnet restore --force

* Run dotnet format

* Reset packages.lock.json files

* Add project access checks for listing

* SM-99: Add CreateSecretWithProject Integration Test (#2452)

* Add GetSecretsByProjectAsync endpoint

* Add GetManyByProjectIdAsync endpoint

* Update response model for GetSecretsByProjectAsync

* Include projects when returning secrets by project id

* SM-99: Add ability to specify projectId when creating a secret

* SM-99: Update tests to accomodate for new create secret parameter

* Fix failing test

* SM-99: Handle optional projectId for new secret in ToSecret()

* SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings

* SM-99: make CreateAsync for secret more clear

* Add CreateSecretWithProject integration test

* Fix CreateSecretWithProject integration test for SM-99

* Run dotnet format

* Undo added space

* Refactor test

* Refactor CreateSecretWithProject API Integration test again

* Change to boolean flag

* [SM-379] Add SDK device type (#2486)

* Add support for service accounts

* Improve logic for project repository

* Add remaining client types

* Experiment with separate enum for access control

* Add access checks to update project

* Rework AccessClientType

* Add access checks to fetching project

* Add checks to delete project command (untested)

* Remove some service account stuff

* Add ServiceAccount to AccessClientType

* Change CS8509 to error and 8424 to ignore

* Remove unused utcNow

* Fix delete tests

* SM-73 changes (#2422)

* testing

* test2

* testing

* trying to save the projects associated with the secret

* changes

* more changes

* Fix  EF error

* Second attempt

* Replace AddIfNotExists with Add.

* changes

* fixing await issue

* lint

* lint fixes

* suggested changes

* suggested changes

* updating tests

* fixing tests 2

* fixing tests

* fixing test

* fixing test

* fixing tests

* test

* testing

* fixing tests for the millionth time

* fixing tests

* allowing nulls for projectIds, fixing lint

* fixing tests

Co-authored-by: Hinton <hinton@users.noreply.github.com>

* fixing tests

* fixing tests

* [SM-222] [SM-357] Squash Secrets Manager migrations (#2540)

* Fix tables not being cleaned up

* Fix migration

* Squash secrets manager migrations

* Reset EF to pre SM state

* Add EF migrations

* Fix unified docker

* Add missed copy

* Fix all unit tests

* draft changes to add access checks to secrets

* updating code

* more changes

* fixing issues

* updating logic for access checks

* updating secrets controller

* changes

* changes

* merging more

* changes

* updateS

* removing unused comment

* changes requested by Thomas

* more changes suggested by Thomas

* making thomas's suggested changes

* final changes

* Run dotnet format

* fixes

* run dotnet format

* Updating tests

* Suggested changes

* lint fixes

* Test updates

* Changes

* Fixes for tests, and dotnet format

* Fixes

* test fixes

* changes

* fix

* fix

* test fix

* removing duplicate

* Removing dupe

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 11:42:07 -08:00

513 lines
19 KiB
C#
Raw Blame History

using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
using Bit.Api.IntegrationTest.SecretsManager.Enums;
using Bit.Api.Models.Response;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
using Bit.Core.Enums;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Repositories;
using Bit.Test.Common.Helpers;
using Xunit;
namespace Bit.Api.IntegrationTest.SecretsManager.Controllers;
public class SecretsControllerTest : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
{
private readonly string _mockEncryptedString =
"2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98sp4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
private readonly HttpClient _client;
private readonly ApiApplicationFactory _factory;
private readonly ISecretRepository _secretRepository;
private readonly IProjectRepository _projectRepository;
private readonly IAccessPolicyRepository _accessPolicyRepository;
private string _email = null!;
private SecretsManagerOrganizationHelper _organizationHelper = null!;
public SecretsControllerTest(ApiApplicationFactory factory)
{
_factory = factory;
_client = _factory.CreateClient();
_secretRepository = _factory.GetService<ISecretRepository>();
_projectRepository = _factory.GetService<IProjectRepository>();
_accessPolicyRepository = _factory.GetService<IAccessPolicyRepository>();
}
public async Task InitializeAsync()
{
_email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
await _factory.LoginWithNewAccount(_email);
_organizationHelper = new SecretsManagerOrganizationHelper(_factory, _email);
}
public Task DisposeAsync()
{
_client.Dispose();
return Task.CompletedTask;
}
private async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var response = await _client.GetAsync($"/organizations/{org.Id}/secrets");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task ListByOrganization_Success(PermissionType permissionType)
{
var (org, orgUserOwner) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString,
});
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
var secretIds = new List<Guid>();
for (var i = 0; i < 3; i++)
{
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
Projects = new List<Project> { project }
});
secretIds.Add(secret.Id);
}
var response = await _client.GetAsync($"/organizations/{org.Id}/secrets");
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretWithProjectsListResponseModel>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Secrets);
Assert.Equal(secretIds.Count, result.Secrets.Count());
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task Create_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var request = new SecretCreateRequestModel
{
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
};
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task CreateWithoutProject_RunAsAdmin_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var request = new SecretCreateRequestModel
{
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
};
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", request);
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretResponseModel>();
Assert.NotNull(result);
Assert.Equal(request.Key, result!.Key);
Assert.Equal(request.Value, result.Value);
Assert.Equal(request.Note, result.Note);
AssertHelper.AssertRecent(result.RevisionDate);
AssertHelper.AssertRecent(result.CreationDate);
var createdSecret = await _secretRepository.GetByIdAsync(new Guid(result.Id));
Assert.NotNull(result);
Assert.Equal(request.Key, createdSecret.Key);
Assert.Equal(request.Value, createdSecret.Value);
Assert.Equal(request.Note, createdSecret.Note);
AssertHelper.AssertRecent(createdSecret.RevisionDate);
AssertHelper.AssertRecent(createdSecret.CreationDate);
Assert.Null(createdSecret.DeletedDate);
}
[Fact]
public async Task CreateWithoutProject_RunAsUser_NotFound()
{
var (org, _) = await _organizationHelper.Initialize(true, true);
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var request = new SecretCreateRequestModel
{
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
};
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task CreateWithProject_Success(PermissionType permissionType)
{
var (org, orgAdminUser) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
AccessClientType accessType = AccessClientType.NoAccessCheck;
var project = await _projectRepository.CreateAsync(new Project()
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString
});
var orgUserId = (Guid)orgAdminUser.UserId;
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
accessType = AccessClientType.User;
var accessPolicies = new List<BaseAccessPolicy>
{
new Core.SecretsManager.Entities.UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id , Read = true, Write = true,
},
};
orgUserId = (Guid)orgUser.UserId;
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
var secretRequest = new SecretCreateRequestModel()
{
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
ProjectIds = new[] { project.Id },
};
var secretResponse = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", secretRequest);
secretResponse.EnsureSuccessStatusCode();
var secretResult = await secretResponse.Content.ReadFromJsonAsync<SecretResponseModel>();
var secret = (await _secretRepository.GetManyByProjectIdAsync(project.Id, orgUserId, accessType)).First();
Assert.NotNull(secretResult);
Assert.Equal(secret.Id.ToString(), secretResult!.Id);
Assert.Equal(secret.OrganizationId.ToString(), secretResult.OrganizationId);
Assert.Equal(secret.Key, secretResult.Key);
Assert.Equal(secret.Value, secretResult.Value);
Assert.Equal(secret.Note, secretResult.Note);
Assert.Equal(secret.CreationDate, secretResult.CreationDate);
Assert.Equal(secret.RevisionDate, secretResult.RevisionDate);
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task Get_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
});
var response = await _client.GetAsync($"/organizations/secrets/{secret.Id}");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task Get_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project()
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString
});
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
else
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true);
await LoginAsync(email);
}
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
Projects = new List<Project> { project }
});
var response = await _client.GetAsync($"/secrets/{secret.Id}");
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretResponseModel>();
Assert.Equal(secret.Key, result!.Key);
Assert.Equal(secret.Value, result.Value);
Assert.Equal(secret.Note, result.Note);
Assert.Equal(secret.RevisionDate, result.RevisionDate);
Assert.Equal(secret.CreationDate, result.CreationDate);
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task Update_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
});
var request = new SecretUpdateRequestModel
{
Key = _mockEncryptedString,
Value = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
Note = _mockEncryptedString
};
var response = await _client.PutAsJsonAsync($"/organizations/secrets/{secret.Id}", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task Update_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project()
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString
});
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
Projects = permissionType == PermissionType.RunAsUserWithPermission ? new List<Project>() { project } : null
});
var request = new SecretUpdateRequestModel()
{
Key = _mockEncryptedString,
Value = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
Note = _mockEncryptedString,
ProjectIds = permissionType == PermissionType.RunAsUserWithPermission ? new Guid[] { project.Id } : null
};
var response = await _client.PutAsJsonAsync($"/secrets/{secret.Id}", request);
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretResponseModel>();
Assert.Equal(request.Key, result!.Key);
Assert.Equal(request.Value, result.Value);
Assert.NotEqual(secret.Value, result.Value);
Assert.Equal(request.Note, result.Note);
AssertHelper.AssertRecent(result.RevisionDate);
Assert.NotEqual(secret.RevisionDate, result.RevisionDate);
var updatedSecret = await _secretRepository.GetByIdAsync(new Guid(result.Id));
Assert.NotNull(result);
Assert.Equal(request.Key, updatedSecret.Key);
Assert.Equal(request.Value, updatedSecret.Value);
Assert.Equal(request.Note, updatedSecret.Note);
AssertHelper.AssertRecent(updatedSecret.RevisionDate);
AssertHelper.AssertRecent(updatedSecret.CreationDate);
Assert.Null(updatedSecret.DeletedDate);
Assert.NotEqual(secret.Value, updatedSecret.Value);
Assert.NotEqual(secret.RevisionDate, updatedSecret.RevisionDate);
}
[Theory]
[InlineData(false, false)]
[InlineData(true, false)]
[InlineData(false, true)]
public async Task Delete_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
await LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
});
var secretIds = new[] { secret.Id };
var response = await _client.PostAsJsonAsync($"/secrets/{org.Id}/delete", secretIds);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task Delete_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true);
await LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project()
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString
});
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
var secretIds = new List<Guid>();
for (var i = 0; i < 3; i++)
{
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
Projects = new List<Project>() { project }
});
secretIds.Add(secret.Id);
}
var response = await _client.PostAsJsonAsync($"/secrets/delete", secretIds);
response.EnsureSuccessStatusCode();
var results = await response.Content.ReadFromJsonAsync<ListResponseModel<BulkDeleteResponseModel>>();
Assert.NotNull(results);
var index = 0;
foreach (var result in results!.Data)
{
Assert.Equal(secretIds[index], result.Id);
Assert.Null(result.Error);
index++;
}
var secrets = await _secretRepository.GetManyByIds(secretIds);
Assert.Empty(secrets);
}
}
Reference in New Issue View Git Blame Copy Permalink